You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Register a free account to unlock additional features at BleepingComputer.com

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

After reviewing your log I see a few items that require our attention. Please print out the instructions here (or save it in Notepad) so that you can follow along more easily. PLEASE FOLLOW THESE STEPS IN THE EXACT ORDER LISTED.

1. Download the following programs:

a. Download Cwshredder.exe and save it to a folder of its own. Download it from here:http://www.trendmicro.com/cwshredder/ Start the program, and click on the Check for Update button. If an update is available then download and install it. DO NOT RUN IT YET.

c. Download cwsserviceremove.zip and unzip the contents to your desktop. Locate the cwsserviceremove.reg file and right-click on it. Choose the Merge option and answer Yes or Ok to any further prompts to merge the file into the registry. You should receive a message that the file was merged successfully.

d. Please download ewido security suite it is a free version of the program.*Install ewido security suite*When installing, under "Additional Options" uncheck..*Install background guard*Install scan via context menu*Launch ewido, there should be an icon on your desktop, double-click it.*The program will now open to the main screen.*When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

*You will need to update ewido to the latest definition files.*On the left hand side of the main screen click update.*Then click on Start Update.

*The update will start and a progress bar will show the updates being installed.(the status bar at the bottom will display "Update successful")*Exit ewido. DO NOT scan yet.If you are having problems with the updater, you can use this link to manually update ewido.ewido manual updates

e. Click here to download Pocket Killbox by Option^Explicit. Save it to a folder. DO NOT RUN IT YET.

2.Start in Safe Mode Using the F8 method: * Restart the computer. * As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears. * Use the arrow keys to select the Safe Mode menu item. * Press the Enter key.

4. Then please run About:Buster and click Start to begin the scan. If prompted to end the Explorer.exe process, click Yes. Your desktop may disappear --- this is normal. Allow the program to scan twice, and when complete click "Save Log". This will create a text file called "AB Logfile.txt" in the folder where About:Buster is saved. I will want to see this logfile later.

5. Now run CCleaner.

Uncheck "Cookies" under "Internet Explorer".

If running Firefox: click on the "Applications" tab and uncheck "Cookies" under "Firefox".

Click on Run Cleaner in the lower right-hand corner. This can take quite a while to run.

6. Now open ewido and do a scan of your system.a. Click on scannerb. Click on Complete System Scan and the scan will begin.c. You will be prompted to clean the first infection.d. Select "Perform action on all infections", then proceed.e. Once the scan has completed, there will be a button located on the bottom of the screen named Save reportf. Click Save report.g. Save the report .txt file to your desktop or a location where you can find it easily.

7. Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold below in the Full Path of File to Delete box in Killbox, and click the red button with the white X on it after each. (not the close button in the top right corner) Keep track of any files if it tells you either could not be found or could not be deleted, as you'll need those later:

For the files that it either couldn't find or couldn't delete, in the killbox again this time, put a mark next to Delete on Reboot. Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it, answer NO until after you've pasted the last file name, at which time you should answer Yes.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

9. Run a full scan with Ad-aware and SpyBot. Remove all items that are found in the scans.

Could you paste another HijackThis log, as well as the logs from AboutBuster and the Ewido logs that I requested above. This infection is difficult to remove, so there still might be some items hanging around that will infect your computer again.